postcss-critical-split icon indicating copy to clipboard operation
postcss-critical-split copied to clipboard

Published 20 hours ago verified publisher icon mrnocreativity

Plugin depends on vulnerable versions of merge

Open mirolyubovN opened this issue 4 years ago • 1 comments

npm audit gives the following: merge <2.1.1 Will install [email protected], which is a breaking change postcss-critical-split >=2.0.0 Depends on vulnerable versions of merge node_modules/postcss-critical-split

mirolyubovN avatar Jul 05 '21 04:07 mirolyubovN

We are seeing this in our npm audits as well. It looks like this was addressed in #22. The version bump has not been pushed with this change as of yet.

stevenslack avatar Jul 21 '21 12:07 stevenslack